Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139322e3134352e33372e302f32342d3332203d3e203531313637.roa
File:                     3139322e3134352e33372e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          3+kourWvJ1EB9YSYpZN5StXPQcjM2KshM+pBkiN2uyo=
Subject key identifier:   AF:63:50:37:DC:46:62:46:08:EA:5C:D0:98:DE:12:DA:B2:06:A3:1C
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       45B5E606533C5F37C1A6A60E60F7C0035F14A8
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139322e3134352e33372e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:50 +0000
ROA not before:           Mon 26 Feb 2024 08:48:50 +0000
ROA not after:            Mon 24 Feb 2025 08:53:50 +0000
asID:                     51167
IP address blocks:        192.145.37.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:b5:e6:06:53:3c:5f:37:c1:a6:a6:0e:60:f7:c0:03:5f:14:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:50 2024 GMT
            Not After : Feb 24 08:53:50 2025 GMT
        Subject: CN=AF635037DC46624608EA5CD098DE12DAB206A31C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ee:60:ce:82:38:13:0c:c9:9f:ac:f0:db:99:
                    26:ab:08:1e:2b:b1:a3:eb:86:a6:6a:56:89:39:67:
                    6a:3c:92:77:03:cc:9f:4e:e5:90:91:1e:a7:1a:a3:
                    8f:9f:f3:c5:f8:cc:90:7a:26:ce:ab:06:ef:61:a1:
                    22:1b:3a:23:63:78:68:6a:8f:e1:74:e8:7b:83:a6:
                    c9:f7:49:0c:be:91:7e:3a:c1:04:4d:02:29:15:94:
                    a6:12:fe:3c:8a:7b:ef:be:9e:bd:50:82:e6:a1:dd:
                    66:05:43:b2:ed:27:35:4e:9f:ab:5e:bb:35:03:28:
                    47:f8:ab:a0:ca:2c:19:01:21:e9:f9:39:44:92:d8:
                    a8:be:e0:40:31:2c:06:39:8d:84:24:d1:cd:2c:3a:
                    04:69:ef:0c:6b:97:d3:87:34:90:45:d9:d7:b1:40:
                    0f:cf:29:3b:1f:03:8f:d7:dd:79:10:72:0d:50:d8:
                    ce:1c:33:b1:42:3d:69:25:a1:7a:ee:dd:1a:49:71:
                    36:f8:44:ed:bb:d9:78:29:63:5a:67:96:33:a9:c1:
                    5e:ca:1a:ef:d1:8f:ac:7a:b0:e2:5a:6a:ac:9b:0f:
                    f6:58:d9:05:17:63:bf:69:ea:9b:b6:cf:38:00:72:
                    8f:09:0c:cc:66:dc:44:a8:76:e2:e2:89:2d:da:bf:
                    42:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:63:50:37:DC:46:62:46:08:EA:5C:D0:98:DE:12:DA:B2:06:A3:1C
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3139322e3134352e33372e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:2e:7e:27:59:dd:56:bb:d4:65:8b:0b:a5:90:84:69:8d:04:
         d7:10:c7:fc:08:28:9e:52:d8:7c:c6:12:0d:77:b4:15:ca:7a:
         1d:55:c6:73:52:ab:7d:e5:a3:8a:67:5a:ca:f9:1b:a6:67:df:
         9d:bd:c4:2c:1f:8f:3d:a5:71:6e:80:dd:4b:0c:07:39:48:3e:
         1a:5e:56:58:c4:29:40:89:bb:d7:59:b3:a2:7d:95:a2:77:f2:
         82:76:da:de:22:bc:45:8f:1c:0f:5e:5f:05:2e:79:d5:e0:dd:
         3f:ba:f5:c3:74:8a:d6:54:90:58:1e:2b:2d:43:93:1e:e1:9b:
         2d:a9:b1:d1:b0:76:e2:fd:64:95:66:71:47:56:10:7f:d3:52:
         b8:b3:0a:c2:05:fc:df:aa:1f:90:87:1f:18:40:16:e6:20:63:
         ac:97:bc:a0:bb:ab:08:1b:83:e0:c5:78:7a:9e:3e:df:85:ca:
         e9:c5:ba:0c:fe:e4:35:85:2d:00:15:82:26:19:ca:26:05:3e:
         ec:c4:33:76:94:fe:74:30:8a:b3:4c:ed:41:fe:97:76:9d:d4:
         10:6a:c3:49:d7:5d:ef:c7:99:81:0f:a8:91:f6:d4:ef:ea:3c:
         1d:83:e3:68:5c:ce:56:80:bf:4e:c8:85:d0:9f:93:75:34:3d:
         37:bc:bb:bd
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgITRbXmBlM8XzfBpqYOYPfAA18UqDANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg1ZDcwODQ1ODIyYTYxNDA4ZWMyYTVmZDU4MGMxMzJkYTc3
N2YwOWQxMB4XDTI0MDIyNjA4NDg1MFoXDTI1MDIyNDA4NTM1MFowMzExMC8GA1UE
AxMoQUY2MzUwMzdEQzQ2NjI0NjA4RUE1Q0QwOThERTEyREFCMjA2QTMxQzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANfuYM6COBMMyZ+s8NuZJqsIHiux
o+uGpmpWiTlnajySdwPMn07lkJEepxqjj5/zxfjMkHomzqsG72GhIhs6I2N4aGqP
4XToe4OmyfdJDL6RfjrBBE0CKRWUphL+PIp7776evVCC5qHdZgVDsu0nNU6fq167
NQMoR/iroMosGQEh6fk5RJLYqL7gQDEsBjmNhCTRzSw6BGnvDGuX04c0kEXZ17FA
D88pOx8Dj9fdeRByDVDYzhwzsUI9aSWheu7dGklxNvhE7bvZeCljWmeWM6nBXsoa
79GPrHqw4lpqrJsP9ljZBRdjv2nqm7bPOAByjwkMzGbcRKh24uKJLdq/QiMCAwEA
AaOCAj0wggI5MB0GA1UdDgQWBBSvY1A33EZiRgjqXNCY3hLasgajHDAfBgNVHSME
GDAWgBRdcIRYIqYUCOwqX9WAwTLad38J0TAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9mZTM3MDhhMC02N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5
YWYvOC81RDcwODQ1ODIyQTYxNDA4RUMyQTVGRDU4MEMxMzJEQTc3N0YwOUQxLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvWFhDRVdDS21GQWpzS2xfVmdNRXkybmRf
Q2RFLmNlcjCBrQYIKwYBBQUHAQsEgaAwgZ0wgZoGCCsGAQUFBzALhoGNcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9mZTM3MDhhMC02
N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5YWYvOC8zMTM5MzIyZTMxMzQzNTJlMzMz
NzJlMzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADA
kSUwDQYJKoZIhvcNAQELBQADggEBAJkufidZ3Va71GWLC6WQhGmNBNcQx/wIKJ5S
2HzGEg13tBXKeh1VxnNSq33lo4pnWsr5G6Zn3529xCwfjz2lcW6A3UsMBzlIPhpe
VljEKUCJu9dZs6J9laJ38oJ22t4ivEWPHA9eXwUuedXg3T+69cN0itZUkFgeKy1D
kx7hmy2psdGwduL9ZJVmcUdWEH/TUrizCsIF/N+qH5CHHxhAFuYgY6yXvKC7qwgb
g+DFeHqePt+FyunFugz+5DWFLQAVgiYZyiYFPuzEM3aU/nQwirNM7UH+l3ad1BBq
w0nXXe/HmYEPqJH21O/qPB2D42hczlaAv07IhdCfk3U0PTe8u70=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:05 2024 by rpki-client on console-fra.rpki-client.org